The RowHammer vulnerability in DRAM is a critical threat to system security. To protect against RowHammer, vendors commit to security-through-obscurity: modern DRAM chips rely on undocumented, proprietary, on-die mitigations, commonly known as Target Row Refresh (TRR). At a high level, TRR detects and refreshes potential RowHammer-victim rows, but its exact implementations are not openly disclosed. Security guarantees of TRR mechanisms cannot be easily studied due to their proprietary nature.To assess the security guarantees of recent DRAM chips, we present Uncovering TRR (U-TRR), an experimental methodology to analyze in-DRAM TRR implementations. U-TRR is based on the new observation that data retention failures in DRAM enable a side channel that leaks information on how TRR refreshes potential victim rows. U-TRR allows us to (i) understand how logical DRAM rows are laid out physically in silicon; (ii) study undocumented on-die TRR mechanisms; and (iii) combine (i) and (ii) to evaluate the RowHammer security guarantees of modern DRAM chips. We show how U-TRR allows us to craft RowHammer access patterns that successfully circumvent the TRR mechanisms employed in 45 DRAM modules of the three major DRAM vendors. We find that the DRAM modules we analyze are vulnerable to RowHammer, having bit flips in up to 99.9% of all DRAM rows. CCS Concepts• Hardware → Dynamic memory; • Security and privacy → Hardware reverse engineering.
Instruction injections or soft errors during execution on the CPU can cause serious system vulnerabilities. During the standard program flow of the processor, the injection of unauthorized instruction or the occurrence of an error in the expected instruction are the main conditions for potentially serious such vulnerabilities. With the execution of these unauthorized instructions, adversaries could exploit SoC and execute their own malicious program or get higher-level privileges on the system. On the other hand, non-intentional errors can potentially corrupt programs causing unintended executions or the cause of program crashes. Modern trusted architectures propose solutions for unauthorized execution on SoC with additional software mechanisms or extra hardware logic on the same untrusted SoC. Nevertheless, these SoCs can still be vulnerable, as long as deployed security detection mechanisms are embedded within the same SoC's fabric. Furthermore, validation mechanisms on the SoC increase the complexity and power consumption of the SoC. This paper presents DEV-PIM, a new, high-performance, and low-cost execution validation mechanism in SoCs with external DRAM memory. The proposed approach uses processingin-memory (PIM) method to detect instruction injections or corrupted instructions by utilising basic computing resources on a standard DRAM device. DEV-PIM transfers instructions scheduled for execution on the CPU to the DRAM and validates them by comparing content with the trusted program record on the DRAM using PIM operations. By optimising the DRAM scheduling process validation tasks are only executed when memory access is idle. The CPU retains uninterrupted memory access and can continue its normal program flow without penalty. We evaluate DEV-PIM in an end-to-end DRAM-compatible environment and run a set of software benchmarks. On average, the proposed architecture is able to detect 98.46% of instruction injections for different validation. We also measured on average only 0.346% CPU execution overhead with DEV-PIM enabled.
There are two major sources of ine ciency in computing systems that use modern DRAM devices as main memory. First, due to coarse-grained data transfers (size of a cache block, usually 64 B) between the DRAM and the memory controller, systems waste energy on transferring data that is not used in many workloads where a large fraction of words in a cache block is not used. Second, due to coarse-grained DRAM row activation, systems waste energy by activating DRAM cells that are unused in many workloads where spatial locality is lower than the large row size (usually 8-16 kB).We propose Sectored DRAM, a new, low-overhead DRAM substrate that alleviates the two ine ciencies, by enabling negrained DRAM access and activation. To e ciently retrieve only the useful data from DRAM, Sectored DRAM exploits the observation that many cache blocks are not fully utilized in many workloads due to poor spatial locality. Sectored DRAM predicts the words in a cache block that will likely be accessed during the cache block's cache residency and: (i) transfers only the predicted words on the memory channel, as opposed to transferring the entire cache block, by dynamically tailoring the DRAM data transfer size for the workload and (ii) activates a smaller set of cells that contain the predicted words, as opposed to activating the entire DRAM row, by carefully operating physically isolated portions of DRAM rows (MATs). Activating a smaller set of cells on each access relaxes DRAM power delivery constraints and allows the memory controller to schedule DRAM accesses faster. Thereby, Sectored DRAM improves memory latency and system performance for many workloads that frequently and irregularly access memory.Compared to prior work in ne-grained DRAM, Sectored DRAM greatly reduces DRAM energy consumption, does not reduce DRAM throughput, and can be implemented with low hardware cost. We evaluate Sectored DRAM using 41 workloads from widely-used benchmark suites. Compared to a system with coarse-grained DRAM, Sectored DRAM reduces the DRAM energy consumption of highly-memory-intensive workloads by up to (on average) 33% (20%) while improving their performance by up to (on average) 36% (17%). Sectored DRAM's DRAM energy savings, combined with its system performance improvement, allows system-wide energy savings of up to 23%.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.